
googleleads.g.doubleclick.net


22 replies to this topic

#1 wwllmm


  • Members
  • 11 posts

Posted 24 January 2012 - 09:41 PM

Three problems with XP Professional SP3

1.
About 3 weeks ago I had a Google redirect virus that would interfere with links on a web page. It would send me to an unrelated web page. If I paged back and clicked the link again it would go to the correct site.

With HJT I was able to stop this activity.

2.
Then I noticed I could not open NETWORK CONNECTIONS properties. Received an "An unexpected error occurred." message box. I tried sfc /scannow and the Microsoft fix:

1. Click Start, and then click Run. Open a new command prompt (CMD).
2. Type regsvr32 %systemroot%\system32\netshell.dll, and then click OK.
3. In the RegSvr32 dialog box, press OK.
4. Type Regsvr32 %SystemRoot%\System32\ole32.dll.
5. Press OK.
6. Reboot your machine.

Did not work. Tried to uninstall the NIC. Received an alert that it could not be uninstalled because it was required to boot. Tried in Safe Mode - same. It did disappear from the device list after this but could not be reinstalled. Had to use System Restore to get the NIC functional again.

3.
Now I have a redirect problem when using Google. A link will give a click sound two or three times, then go to the right page. When I look at the recent pages to go back to the original page, there may be several googleleads.g.doubleclick.net entries between the links.

I have run the latest Malwarebytes, SUPERAntiSpyware and many other available rootkit programs. This occurs with both IE and Firefox.


Attached are the dds file and the gmer file.

Thank you for your help


wllm


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 02:48 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 wwllmm

  • Topic Starter

  • Members
  • 11 posts

Posted 29 January 2012 - 06:34 PM

Dear Gringo,
Thank you for the help. See attached combifix log. It reported that avira desktop was active. I followed the forum instructions to inactivate avira, still same report box. Unchecked in msconfig and tried to turn off avira scheduler service manually and I could not stop the service. Ran combifix anyway.

Still cannot access network properties.

Much less googleleads.g.doubleclick.net/page in recent pages. With internet explorer it will occur on one web site so far. First time to site (http://www.thehighroad.org/archive/index.php/t-449647.html) received security box about connecting to a secure connection. Closed security box with X and no googleleads.g.doubleclick.net in recent page. Then next time to site in security box checked do not show again and then started receiving the googleleads.g.doubleclick.net twice on recent pages list. Looked at page privacy report and most lines had cookies from http://www.thehighroad.org/archive/index.php/t-449647.html and were check never to take cookies from that site.

With firefox at same page I receive "firefox prevented redirection" at top and on status toolbar at bottom "transferring data from cashe.dachboardad.net...." and no googleleads.g.doubleclick.net in recent pages.

Also cannot get to bleepingcomputer home page while using internet explorer, keeps trying to recover page. I can with firefox.

ComboFix 12-01-29.02 - HOME 01/29/2012 17:09:11.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2560 [GMT -5:00]
Running from: c:\documents and settings\HOME\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HOME\GoToAssistDownloadHelper.exe
c:\documents and settings\HOME\My Documents\~WRL0001.tmp
c:\documents and settings\HOME\My Documents\~WRL0002.tmp
c:\documents and settings\HOME\My Documents\~WRL1835.tmp
c:\documents and settings\HOME\My Documents\~WRL4063.tmp
c:\documents and settings\HOME\WINDOWS
c:\windows\alcrmv.exe
c:\windows\system32\drivers\etc\hosts1
c:\windows\system32\winio.dll
c:\windows\system32\WinIo.sys
.


Again thank you for your expertise and help

wwllmm

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 08:17 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5 wwllmm

  • Topic Starter

  • Members
  • 11 posts

Posted 29 January 2012 - 10:56 PM

Dear Gringo,

Here is the TDSSKiller log:



22:47:24.0406 3732 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:47:26.0406 3732 ============================================================
22:47:26.0406 3732 Current date / time: 2012/01/29 22:47:26.0406
22:47:26.0406 3732 SystemInfo:
22:47:26.0406 3732
22:47:26.0406 3732 OS Version: 5.1.2600 ServicePack: 3.0
22:47:26.0406 3732 Product type: Workstation
22:47:26.0406 3732 ComputerName: WLM-WLM
22:47:26.0406 3732 UserName: HOME
22:47:26.0406 3732 Windows directory: C:\WINDOWS
22:47:26.0406 3732 System windows directory: C:\WINDOWS
22:47:26.0406 3732 Processor architecture: Intel x86
22:47:26.0406 3732 Number of processors: 4
22:47:26.0406 3732 Page size: 0x1000
22:47:26.0406 3732 Boot type: Normal boot
22:47:26.0406 3732 ============================================================
22:47:28.0140 3732 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:47:28.0312 3732 Initialize success
22:47:43.0593 3276 ============================================================
22:47:43.0593 3276 Scan started
22:47:43.0593 3276 Mode: Manual;
22:47:43.0593 3276 ============================================================
22:47:43.0937 3276 AACMgt (7db455f98f73d4618589c34a70b72204) C:\WINDOWS\system32\drivers\AACMgt.sys
22:47:43.0937 3276 AACMgt - ok
22:47:43.0953 3276 Abiosdsk - ok
22:47:43.0953 3276 abp480n5 - ok
22:47:43.0984 3276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:43.0984 3276 ACPI - ok
22:47:44.0000 3276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:47:44.0000 3276 ACPIEC - ok
22:47:44.0015 3276 adpu160m - ok
22:47:44.0031 3276 adpu320 (c234c8595918e4403016fc7e87abf153) C:\WINDOWS\system32\DRIVERS\adpu320.sys
22:47:44.0031 3276 adpu320 - ok
22:47:44.0062 3276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:47:44.0078 3276 aec - ok
22:47:44.0109 3276 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:47:44.0109 3276 AFD - ok
22:47:44.0109 3276 Aha154x - ok
22:47:44.0125 3276 aic78u2 - ok
22:47:44.0125 3276 aic78xx - ok
22:47:44.0203 3276 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:47:44.0218 3276 ALCXWDM - ok
22:47:44.0234 3276 AliIde - ok
22:47:44.0234 3276 amsint - ok
22:47:44.0265 3276 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:47:44.0265 3276 Arp1394 - ok
22:47:44.0265 3276 asc - ok
22:47:44.0281 3276 asc3350p - ok
22:47:44.0281 3276 asc3550 - ok
22:47:44.0296 3276 ASInsHelp - ok
22:47:44.0328 3276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:47:44.0328 3276 AsyncMac - ok
22:47:44.0343 3276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:47:44.0343 3276 atapi - ok
22:47:44.0343 3276 Atdisk - ok
22:47:44.0390 3276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:47:44.0390 3276 Atmarpc - ok
22:47:44.0390 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:47:44.0390 3276 audstub - ok
22:47:44.0421 3276 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:47:44.0421 3276 avgntflt - ok
22:47:44.0421 3276 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:47:44.0437 3276 avipbb - ok
22:47:44.0437 3276 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:47:44.0453 3276 avkmgr - ok
22:47:44.0468 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:47:44.0468 3276 Beep - ok
22:47:44.0546 3276 catchme - ok
22:47:44.0578 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:47:44.0578 3276 cbidf2k - ok
22:47:44.0593 3276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:47:44.0593 3276 CCDECODE - ok
22:47:44.0609 3276 cd20xrnt - ok
22:47:44.0625 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:47:44.0625 3276 Cdaudio - ok
22:47:44.0625 3276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:47:44.0625 3276 Cdfs - ok
22:47:44.0640 3276 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:47:44.0640 3276 Cdrom - ok
22:47:44.0656 3276 Changer - ok
22:47:44.0671 3276 CmdIde - ok
22:47:44.0687 3276 Cpqarray - ok
22:47:44.0703 3276 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
22:47:44.0703 3276 ctljystk - ok
22:47:44.0718 3276 dac2w2k - ok
22:47:44.0734 3276 dac960nt - ok
22:47:44.0750 3276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:47:44.0750 3276 Disk - ok
22:47:44.0781 3276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:47:44.0796 3276 dmboot - ok
22:47:44.0796 3276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
22:47:44.0796 3276 dmio - ok
22:47:44.0812 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:47:44.0828 3276 dmload - ok
22:47:44.0843 3276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:47:44.0843 3276 DMusic - ok
22:47:44.0859 3276 dpti2o - ok
22:47:44.0875 3276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:47:44.0875 3276 drmkaud - ok
22:47:44.0921 3276 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:47:44.0921 3276 e1express - ok
22:47:44.0937 3276 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
22:47:44.0937 3276 emu10k - ok
22:47:44.0937 3276 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
22:47:44.0937 3276 emu10k1 - ok
22:47:44.0968 3276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:47:44.0968 3276 Fastfat - ok
22:47:45.0000 3276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:47:45.0000 3276 Fdc - ok
22:47:45.0015 3276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:47:45.0015 3276 Fips - ok
22:47:45.0015 3276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:47:45.0015 3276 Flpydisk - ok
22:47:45.0046 3276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:47:45.0046 3276 FltMgr - ok
22:47:45.0062 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:47:45.0062 3276 Fs_Rec - ok
22:47:45.0062 3276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:47:45.0062 3276 Ftdisk - ok
22:47:45.0078 3276 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:47:45.0078 3276 gameenum - ok
22:47:45.0093 3276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:47:45.0093 3276 Gpc - ok
22:47:45.0109 3276 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:47:45.0109 3276 hidusb - ok
22:47:45.0125 3276 hpn - ok
22:47:45.0140 3276 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:47:45.0140 3276 HSFHWBS2 - ok
22:47:45.0156 3276 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:47:45.0171 3276 HSF_DPV - ok
22:47:45.0203 3276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:47:45.0203 3276 HTTP - ok
22:47:45.0203 3276 i2omgmt - ok
22:47:45.0218 3276 i2omp - ok
22:47:45.0234 3276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:47:45.0234 3276 i8042prt - ok
22:47:45.0265 3276 ICDUSB (c322b24eb696a727bab561dbdb4aab25) C:\WINDOWS\system32\Drivers\ICDUSB.sys
22:47:45.0265 3276 ICDUSB - ok
22:47:45.0296 3276 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys
22:47:45.0296 3276 ICDUSB2 - ok
22:47:45.0312 3276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:47:45.0312 3276 Imapi - ok
22:47:45.0312 3276 ini910u - ok
22:47:45.0328 3276 IntelIde - ok
22:47:45.0375 3276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:47:45.0375 3276 intelppm - ok
22:47:45.0390 3276 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:47:45.0390 3276 ip6fw - ok
22:47:45.0406 3276 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
22:47:45.0406 3276 IPFilter - ok
22:47:45.0421 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:47:45.0421 3276 IpFilterDriver - ok
22:47:45.0453 3276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:47:45.0453 3276 IpInIp - ok
22:47:45.0468 3276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:47:45.0468 3276 IpNat - ok
22:47:45.0484 3276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:47:45.0484 3276 IPSec - ok
22:47:45.0500 3276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:47:45.0500 3276 IRENUM - ok
22:47:45.0515 3276 ISAIONT (c0d5b9e271e38ae3305a15280f6b46d9) C:\WINDOWS\system32\drivers\ISAIONT.sys
22:47:45.0515 3276 ISAIONT - ok
22:47:45.0531 3276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:47:45.0531 3276 isapnp - ok
22:47:45.0531 3276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:47:45.0531 3276 Kbdclass - ok
22:47:45.0546 3276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:47:45.0546 3276 kbdhid - ok
22:47:45.0578 3276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:47:45.0578 3276 kmixer - ok
22:47:45.0593 3276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:47:45.0593 3276 KSecDD - ok
22:47:45.0609 3276 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
22:47:45.0609 3276 L8042Kbd - ok
22:47:45.0625 3276 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
22:47:45.0625 3276 LBeepKE - ok
22:47:45.0640 3276 lbrtfdc - ok
22:47:45.0656 3276 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
22:47:45.0656 3276 LHidFilt - ok
22:47:45.0671 3276 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:47:45.0671 3276 mdmxsdk - ok
22:47:45.0687 3276 MemMapNt (b4f4ae2e4f58f808f46153f7f573b23f) C:\WINDOWS\system32\drivers\MemMapNt.sys
22:47:45.0687 3276 MemMapNt - ok
22:47:45.0703 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:47:45.0703 3276 mnmdd - ok
22:47:45.0718 3276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:47:45.0718 3276 Modem - ok
22:47:45.0718 3276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:47:45.0718 3276 Mouclass - ok
22:47:45.0750 3276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:47:45.0750 3276 mouhid - ok
22:47:45.0765 3276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:47:45.0765 3276 MountMgr - ok
22:47:45.0765 3276 mraid35x - ok
22:47:45.0781 3276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:47:45.0781 3276 MRxDAV - ok
22:47:45.0828 3276 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:47:45.0828 3276 MRxSmb - ok
22:47:45.0843 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:47:45.0843 3276 Msfs - ok
22:47:45.0875 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:47:45.0890 3276 MSKSSRV - ok
22:47:45.0890 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:47:45.0890 3276 MSPCLOCK - ok
22:47:45.0906 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:47:45.0921 3276 MSPQM - ok
22:47:45.0937 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:47:45.0937 3276 mssmbios - ok
22:47:45.0953 3276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:47:45.0953 3276 MSTEE - ok
22:47:45.0984 3276 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:47:45.0984 3276 Mup - ok
22:47:46.0000 3276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:47:46.0000 3276 NABTSFEC - ok
22:47:46.0015 3276 NAL (794765b6737df2da29e6abc8c8dcd6ac) C:\WINDOWS\system32\Drivers\iqvw32.sys
22:47:46.0015 3276 NAL - ok
22:47:46.0031 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:47:46.0031 3276 NDIS - ok
22:47:46.0046 3276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:47:46.0046 3276 NdisIP - ok
22:47:46.0062 3276 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:47:46.0062 3276 NdisTapi - ok
22:47:46.0093 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:47:46.0093 3276 Ndisuio - ok
22:47:46.0093 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:47:46.0093 3276 NdisWan - ok
22:47:46.0109 3276 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:47:46.0109 3276 NDProxy - ok
22:47:46.0140 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:47:46.0140 3276 NetBIOS - ok
22:47:46.0156 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:47:46.0156 3276 NetBT - ok
22:47:46.0187 3276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:47:46.0187 3276 NIC1394 - ok
22:47:46.0203 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:47:46.0203 3276 Npfs - ok
22:47:46.0218 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:47:46.0234 3276 Ntfs - ok
22:47:46.0250 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:47:46.0250 3276 Null - ok
22:47:46.0406 3276 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:47:46.0453 3276 nv - ok
22:47:46.0484 3276 nvcap (fc5096f04f28f08b98206acbd9be94ac) C:\WINDOWS\system32\DRIVERS\nvcap.sys
22:47:46.0484 3276 nvcap - ok
22:47:46.0500 3276 NVXBAR (9bd01bfa8e161f3078856f0159275965) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
22:47:46.0500 3276 NVXBAR - ok
22:47:46.0515 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:47:46.0515 3276 NwlnkFlt - ok
22:47:46.0531 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:47:46.0531 3276 NwlnkFwd - ok
22:47:46.0546 3276 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:47:46.0546 3276 ohci1394 - ok
22:47:46.0562 3276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:47:46.0562 3276 Parport - ok
22:47:46.0562 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:47:46.0562 3276 PartMgr - ok
22:47:46.0593 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:47:46.0593 3276 ParVdm - ok
22:47:46.0609 3276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:47:46.0609 3276 PCI - ok
22:47:46.0609 3276 PCIDump - ok
22:47:46.0625 3276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:47:46.0625 3276 PCIIde - ok
22:47:46.0656 3276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:47:46.0656 3276 Pcmcia - ok
22:47:46.0671 3276 PDCOMP - ok
22:47:46.0671 3276 PDFRAME - ok
22:47:46.0687 3276 PDRELI - ok
22:47:46.0687 3276 PDRFRAME - ok
22:47:46.0703 3276 perc2 - ok
22:47:46.0703 3276 perc2hib - ok
22:47:46.0750 3276 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
22:47:46.0750 3276 PfModNT - ok
22:47:46.0781 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:47:46.0781 3276 PptpMiniport - ok
22:47:46.0796 3276 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:47:46.0796 3276 Processor - ok
22:47:46.0796 3276 PROCEXP151 - ok
22:47:46.0812 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:47:46.0812 3276 PSched - ok
22:47:46.0828 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:47:46.0843 3276 Ptilink - ok
22:47:46.0843 3276 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:47:46.0843 3276 PxHelp20 - ok
22:47:46.0859 3276 ql1080 - ok
22:47:46.0859 3276 Ql10wnt - ok
22:47:46.0875 3276 ql12160 - ok
22:47:46.0875 3276 ql1240 - ok
22:47:46.0890 3276 ql1280 - ok
22:47:46.0890 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:47:46.0890 3276 RasAcd - ok
22:47:46.0906 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:47:46.0906 3276 Rasl2tp - ok
22:47:46.0921 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:47:46.0921 3276 RasPppoe - ok
22:47:46.0937 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:47:46.0937 3276 Raspti - ok
22:47:46.0953 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:47:46.0953 3276 Rdbss - ok
22:47:46.0968 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:47:46.0968 3276 RDPCDD - ok
22:47:46.0968 3276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:47:46.0984 3276 rdpdr - ok
22:47:47.0000 3276 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:47:47.0000 3276 RDPWD - ok
22:47:47.0015 3276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:47:47.0015 3276 redbook - ok
22:47:47.0109 3276 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:47:47.0109 3276 SASDIFSV - ok
22:47:47.0109 3276 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:47:47.0109 3276 SASKUTIL - ok
22:47:47.0140 3276 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
22:47:47.0140 3276 scsiscan - ok
22:47:47.0171 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:47:47.0171 3276 Secdrv - ok
22:47:47.0187 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:47:47.0187 3276 serenum - ok
22:47:47.0203 3276 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:47:47.0203 3276 Serial - ok
22:47:47.0234 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:47:47.0234 3276 Sfloppy - ok
22:47:47.0250 3276 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
22:47:47.0265 3276 sfman - ok
22:47:47.0265 3276 Simbad - ok
22:47:47.0296 3276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:47:47.0296 3276 SLIP - ok
22:47:47.0312 3276 SMBus (867cbf07f97b45f393e4c64e01f664fe) C:\WINDOWS\system32\drivers\SMBus.sys
22:47:47.0312 3276 SMBus - ok
22:47:47.0328 3276 snapman (e60646143eb6b746eb3ab58ef7d5cff7) C:\WINDOWS\system32\DRIVERS\snapman.sys
22:47:47.0328 3276 snapman - ok
22:47:47.0328 3276 Sparrow - ok
22:47:47.0359 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:47:47.0359 3276 splitter - ok
22:47:47.0375 3276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:47:47.0375 3276 sr - ok
22:47:47.0406 3276 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
22:47:47.0406 3276 Srv - ok
22:47:47.0421 3276 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:47:47.0421 3276 ssmdrv - ok
22:47:47.0453 3276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:47:47.0453 3276 streamip - ok
22:47:47.0468 3276 superbmc (d3ea1859a202aeab7f205e54686ab9b4) C:\WINDOWS\system32\drivers\superbmc.sys
22:47:47.0468 3276 superbmc - ok
22:47:47.0484 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:47:47.0484 3276 swenum - ok
22:47:47.0500 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:47:47.0500 3276 swmidi - ok
22:47:47.0515 3276 symc810 - ok
22:47:47.0515 3276 symc8xx - ok
22:47:47.0531 3276 sym_hi - ok
22:47:47.0531 3276 sym_u3 - ok
22:47:47.0546 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:47:47.0546 3276 sysaudio - ok
22:47:47.0593 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:47:47.0593 3276 Tcpip - ok
22:47:47.0609 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:47:47.0609 3276 TDPIPE - ok
22:47:47.0640 3276 tdrpman228 (664469f03c955e851c5de58eea233f5a) C:\WINDOWS\system32\DRIVERS\tdrpm228.sys
22:47:47.0656 3276 tdrpman228 - ok
22:47:47.0671 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:47:47.0671 3276 TDTCP - ok
22:47:47.0687 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:47:47.0687 3276 TermDD - ok
22:47:47.0703 3276 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
22:47:47.0703 3276 tifsfilter - ok
22:47:47.0718 3276 timounter (394fc70b88b7958fa85798bbc76d140a) C:\WINDOWS\system32\DRIVERS\timntr.sys
22:47:47.0718 3276 timounter - ok
22:47:47.0734 3276 TosIde - ok
22:47:47.0765 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:47:47.0765 3276 Udfs - ok
22:47:47.0765 3276 ultra - ok
22:47:47.0796 3276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:47:47.0796 3276 Update - ok
22:47:47.0828 3276 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:47:47.0828 3276 usbaudio - ok
22:47:47.0828 3276 usbbus - ok
22:47:47.0843 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:47:47.0843 3276 usbccgp - ok
22:47:47.0859 3276 UsbDiag - ok
22:47:47.0875 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:47:47.0875 3276 usbehci - ok
22:47:47.0875 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:47:47.0875 3276 usbhub - ok
22:47:47.0890 3276 USBModem - ok
22:47:47.0890 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:47:47.0890 3276 usbprint - ok
22:47:47.0906 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:47:47.0906 3276 usbscan - ok
22:47:47.0921 3276 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:47:47.0921 3276 usbstor - ok
22:47:47.0937 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:47:47.0937 3276 usbuhci - ok
22:47:47.0953 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:47:47.0953 3276 VgaSave - ok
22:47:47.0953 3276 ViaIde - ok
22:47:47.0968 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:47:47.0968 3276 VolSnap - ok
22:47:48.0015 3276 vsdatant (1d4af8c2d2a57edf055ccd75467a45e8) C:\WINDOWS\system32\vsdatant.sys
22:47:48.0015 3276 vsdatant - ok
22:47:48.0031 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:47:48.0031 3276 Wanarp - ok
22:47:48.0078 3276 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:47:48.0078 3276 Wdf01000 - ok
22:47:48.0093 3276 WDICA - ok
22:47:48.0109 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:47:48.0109 3276 wdmaud - ok
22:47:48.0156 3276 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:47:48.0156 3276 winachsf - ok
22:47:48.0218 3276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:47:48.0218 3276 WS2IFSL - ok
22:47:48.0234 3276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:47:48.0234 3276 WSTCODEC - ok
22:47:48.0265 3276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:47:48.0421 3276 \Device\Harddisk0\DR0 - ok
22:47:48.0421 3276 Boot (0x1200) (0f1f1534ce51ee677d1dc8f9f39dca89) \Device\Harddisk0\DR0\Partition0
22:47:48.0421 3276 \Device\Harddisk0\DR0\Partition0 - ok
22:47:48.0421 3276 ============================================================
22:47:48.0421 3276 Scan finished
22:47:48.0421 3276 ============================================================
22:47:48.0437 3492 Detected object count: 0
22:47:48.0437 3492 Actual detected object count: 0



Thank you

wwllmm

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:10 AM

Posted 29 January 2012 - 11:23 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#7 wwllmm

wwllmm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 30 January 2012 - 07:52 PM

Dear Gringo,

Here is the log.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 19:26:22
-----------------------------
19:26:22.031 OS Version: Windows 5.1.2600 Service Pack 3
19:26:22.031 Number of processors: 4 586 0x404
19:26:22.046 ComputerName: WLM-WLM UserName: HOME
19:26:23.609 Initialize success
19:28:03.703 AVAST engine defs: 12013000
19:28:11.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
19:28:11.453 Disk 0 Vendor: WDC_WD7502ABYS-01A6B0 03.00C05 Size: 715404MB BusType: 3
19:28:11.468 Disk 0 MBR read successfully
19:28:11.468 Disk 0 MBR scan
19:28:11.484 Disk 0 Windows XP default MBR code
19:28:11.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715394 MB offset 63
19:28:11.484 Disk 0 scanning sectors +1465128000
19:28:11.546 Disk 0 scanning C:\WINDOWS\system32\drivers
19:28:21.312 Service scanning
19:28:21.781 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
19:28:22.296 Modules scanning
19:28:26.015 Disk 0 trace - called modules:
19:28:26.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:28:26.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac8ea38]
19:28:26.015 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8ac2f948]
19:28:26.015 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ac21940]
19:28:27.578 AVAST engine scan C:\WINDOWS
19:28:35.171 AVAST engine scan C:\WINDOWS\system32
19:31:27.609 AVAST engine scan C:\WINDOWS\system32\drivers
19:32:04.812 AVAST engine scan C:\Documents and Settings\HOME
19:35:44.796 AVAST engine scan C:\Documents and Settings\All Users
19:37:27.140 Scan finished successfully
19:50:05.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HOME\Desktop\MBR.dat"
19:50:05.359 The log file has been saved successfully to "C:\Documents and Settings\HOME\Desktop\aswMBR.txt"


Thank you,

wwllmm

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:10 AM

Posted 30 January 2012 - 09:05 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 wwllmm

wwllmm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 31 January 2012 - 07:35 PM

Dear Gringo,

Still cannot access network connection properties.

In IE cannot connect to bleeping computer home page:

"When a website causes a failure or crash, Internet Explorer attempts to restore the site. It stops after two tries to avoid an endless loop."

Lost a programmed button on the mouse for back-page; I can reset that later.

ComboFix 12-01-30.02 - HOME 01/30/2012 22:43:25.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2475 [GMT -5:00]
Running from: c:\documents and settings\HOME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HOME\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-25 02:02 . 2012-01-25 02:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-25 02:01 . 2012-01-25 02:01 -------- d-----w- c:\program files\Intel
2012-01-21 17:10 . 2012-01-21 17:10 -------- d-----w- C:\New Folder
2012-01-21 00:08 . 2012-01-21 00:09 -------- d-----w- c:\program files\TweakNow RegCleaner 2011
2012-01-21 00:08 . 2012-01-21 00:08 -------- d-----w- c:\documents and settings\HOME\Application Data\TweakNow RegCleaner 2011
2012-01-21 00:00 . 2012-01-25 02:02 -------- d-----w- c:\documents and settings\Administrator.WLM-WLM
2012-01-20 23:00 . 2012-01-20 23:00 -------- d-----w- c:\program files\ProcessExplorer
2012-01-20 21:50 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-20 21:50 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-01-20 21:50 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-01-20 21:50 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-01-20 21:49 . 2008-04-13 18:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2012-01-20 21:49 . 2008-04-13 18:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2012-01-20 21:49 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-01-20 21:49 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2012-01-20 21:49 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-01-20 21:49 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-01-20 21:48 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-01-20 21:48 . 2008-04-13 18:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2012-01-20 21:48 . 2008-04-13 18:36 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2012-01-20 21:47 . 2008-04-13 18:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-01-20 21:47 . 2008-04-14 00:12 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-01-20 21:47 . 2008-04-14 00:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2012-01-20 21:47 . 2008-04-13 18:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-01-20 21:46 . 2008-04-13 18:40 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2012-01-20 21:46 . 2008-04-14 00:12 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-01-20 21:46 . 2008-04-13 18:41 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2012-01-20 21:46 . 2008-04-13 18:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-01-20 21:46 . 2008-04-14 00:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-01-20 21:46 . 2008-04-13 18:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-01-20 21:46 . 2008-04-14 00:10 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-01-20 21:46 . 2008-04-13 18:44 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-01-20 21:44 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-01-20 21:44 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-01-20 21:44 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-01-20 21:43 . 2008-04-13 18:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-01-20 21:26 . 2008-04-13 18:40 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
2012-01-20 21:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-01-20 21:26 . 2008-04-14 00:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-01-20 21:26 . 2008-04-14 00:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-01-20 21:25 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2012-01-20 21:25 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2012-01-20 21:25 . 2008-04-13 18:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2012-01-20 21:25 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-01-20 21:25 . 2008-04-14 00:11 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2012-01-20 21:25 . 2008-04-13 18:41 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2012-01-20 21:25 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2012-01-20 21:24 . 2008-04-13 18:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2012-01-20 21:24 . 2008-04-13 18:40 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2012-01-20 21:24 . 2008-04-13 18:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2012-01-20 21:20 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-01-20 21:20 . 2008-04-13 18:40 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2012-01-20 21:20 . 2008-04-14 00:11 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2012-01-20 21:20 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-01-20 21:20 . 2008-04-13 18:36 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2012-01-20 21:20 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2012-01-20 21:20 . 2008-04-14 00:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2012-01-20 21:19 . 2008-04-13 18:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2012-01-20 21:18 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2012-01-20 21:18 . 2008-04-13 18:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2012-01-20 21:03 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2012-01-20 21:03 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2012-01-17 22:22 . 2012-01-17 22:22 -------- d-----w- c:\documents and settings\HOME\Application Data\SUPERAntiSpyware.com
2012-01-17 22:21 . 2012-01-17 22:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-17 22:21 . 2012-01-17 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-17 22:01 . 2012-01-17 22:01 -------- d-----w- c:\program files\tdsskiller
2012-01-17 22:00 . 2012-01-17 22:00 -------- d-----w- c:\program files\New Folder
2012-01-05 23:38 . 2012-01-05 23:39 -------- d-----w- c:\program files\OLYMPUS
2012-01-05 23:38 . 2012-01-05 23:39 -------- d-----w- c:\program files\Common Files\Olympus Shared
2012-01-05 23:38 . 2012-01-05 23:37 196608 ----a-w- c:\windows\system32\olylistenserver.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-05-12 11:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 17:40 . 2011-12-11 19:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-09 17:40 . 2011-12-11 19:56 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-09 17:40 . 2009-05-14 20:15 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 755480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-20 417792]
.
c:\documents and settings\HOME\Start Menu\Programs\Startup\
naviscope.lnk - c:\program files\Naviscope\naviscope.exe [2009-1-28 1277440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-5 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 4.lnk
backup=c:\windows\pss\Device Detector 4.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Scanner Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Scanner Monitor.lnk
backup=c:\windows\pss\EPSON Scanner Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
backup=c:\windows\pss\Microsoft Office Shortcut Bar.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Supero Doctor III Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Supero Doctor III Client.lnk
backup=c:\windows\pss\Supero Doctor III Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-22 23:57 377248 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-23 00:03 960568 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-27 22:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-27 22:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus DSS UpdateManager]
2011-02-24 18:49 204800 ----a-w- c:\program files\OLYMPUS\DSSPlayerPro\UpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-20 13:31 417792 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-22 23:37 4355464 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SuperMicro Health Assistant"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ICDSPTSV"=3 (0x3)
"wuauserv"=2 (0x2)
"PACS Client Updater"=2 (0x2)
"AcrSch2Svc"=3 (0x3)
"idsvc"=3 (0x3)
"Amazon Download Agent"=3 (0x3)
"gupdate"=3 (0x3)
"ose"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"LBTServ"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OLYMPUS\\DSSPlayerPro\\DictationModule.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 AACMgt;AACMgt;c:\windows\system32\drivers\aacmgt.sys [4/14/2005 5:21 PM 93299]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [1/6/2010 9:55 AM 902592]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/11/2011 2:56 PM 36000]
R1 ISAIONT;ISAIONT;c:\windows\system32\drivers\IsaIoNt.sys [7/25/2010 7:04 PM 3853]
R1 MemMapNt;MemMapNt;c:\windows\system32\drivers\memmapnt.sys [7/25/2010 7:04 PM 3908]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SMBus;SMBus;c:\windows\system32\drivers\smbus.sys [7/25/2010 7:04 PM 9984]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/11/2011 2:56 PM 86224]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S1 superbmc;superbmc;c:\windows\system32\drivers\SUPERBMC.SYS [1/28/2009 8:25 AM 14174]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/5/2011 8:59 AM 10384]
S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\Icdusb.sys [2/4/2009 7:51 PM 26409]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2/4/2009 7:51 PM 39048]
S3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2/24/2011 1:39 PM 176128]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2/8/2009 12:38 PM 11520]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [7/2/2008 3:02 PM 24576]
S4 SuperMicro Health Assistant;SuperMicro Health Assistant;c:\program files\SUPERMICRO\SDIII\NTService.exe [7/25/2010 7:04 PM 131072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2011-11-12 02:38]
.
2011-11-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-11-12 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/search?hl=en&safe=off&gbv=2&biw=1680&bih=875&q=+++&btnG=Search&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=
Trusted Zone: hma-pas.com
Trusted Zone: hma-pas.com\paweb
Trusted Zone: hma.com\venice
Trusted Zone: intuit.com\ttlc
Trusted Zone: logmein.com\office7-cosmvenice-local-iezcogbouy.app01-13
Trusted Zone: logmein.com\secure
Trusted Zone: marketwatch.com\custom
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: usaa.com\www
Trusted Zone: wellsfargo.com\online
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6FDD223F-D092-4E09-AA9E-BA0FDCC308AC}: DhcpNameServer = 192.168.2.1
DPF: {F64CF9E2-3F17-424E-9943-1C7C546F0B2E} - hxxps://808pacs.hma.org/resultsviewer/ImpaxImageViewer.CAB
FF - ProfilePath - c:\documents and settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&num=50&lr=&cr=&safe=off
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\HOME\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: NewTabURL: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Duplicate This Tab: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RoboForm Lite: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-30 22:49:29
ComboFix-quarantined-files.txt 2012-01-31 03:49
ComboFix2.txt 2012-01-29 22:14
.
Pre-Run: 667,507,527,680 bytes free
Post-Run: 667,557,040,128 bytes free
.
- - End Of File - - 6C60213F2BCA3822CF509C096E6490F7


Thank you

wwllmm

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:10 AM

Posted 31 January 2012 - 07:57 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 wwllmm

wwllmm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 01 February 2012 - 12:31 PM

Dear Gringo,

Here is the OTL.txt log


OTL logfile created on: 2/1/2012 11:51:00 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 84.25% Memory free
4.84 Gb Paging File | 4.43 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 621.70 Gb Free Space | 88.99% Space Free | Partition Type: NTFS

Computer Name: WLM-WLM | User Name: HOME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HOME\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdicoms.exe ( )
PRC - C:\Program Files\Naviscope\naviscope.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
PRC - C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll ()
MOD - C:\Program Files\Naviscope\naviscope.exe ()
MOD - C:\Program Files\Adobe\Photoshop 5.0 LE\psicon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Olympus DVR Service) -- C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe (OLYMPUS IMAGING CORP.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (PACS Client Updater) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe (Agfa Healthcare)
SRV - (lxdi_device) -- C:\WINDOWS\System32\lxdicoms.exe ( )
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (SuperMicro Health Assistant) -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe ()
SRV - (AdaptecStorageManagerAgent) -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe (Adaptec Incorporated)
SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228) -- C:\WINDOWS\system32\DRIVERS\tdrpm228.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (scsiscan) -- C:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SMBus) -- C:\WINDOWS\System32\drivers\smbus.sys (SuperMicro Computer, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys (NVIDIA Corporation)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (AACMgt) -- C:\WINDOWS\System32\drivers\aacmgt.sys (Adaptec, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (superbmc) -- C:\WINDOWS\System32\drivers\SUPERBMC.SYS ()
DRV - (ICDUSB2) Sony IC Recorder (P) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (ICDUSB) -- C:\WINDOWS\system32\drivers\Icdusb.sys (Sony Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (ISAIONT) -- C:\WINDOWS\System32\drivers\IsaIoNt.sys (SuperMicro Computer, Inc.)
DRV - (MemMapNt) -- C:\WINDOWS\System32\drivers\memmapnt.sys (SuperMicro Computer, Inc.)
DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/search?hl=en&safe=off&gbv=2&biw=1680&bih=875&q=+++&btnG=Search&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=
IE - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en&num=50&lr=&cr=&safe=off"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:5.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 81
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HOME\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HOME\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 11:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/25 11:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/25 09:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\HOME\Application Data\Move Networks [2009/09/05 09:32:33 | 000,000,000 | ---D | M]

[2010/02/02 19:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Extensions
[2010/02/02 19:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/28 12:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Extensions\[email protected]
[2012/01/30 19:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\extensions
[2011/10/12 08:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/12 08:00:49 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2011/10/12 08:12:36 | 000,000,000 | ---D | M] (Duplicate This Tab) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\extensions\[email protected]
[2011/10/12 07:55:10 | 000,000,000 | ---D | M] (NewTabURL) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\extensions\[email protected]
[2011/12/20 20:06:27 | 000,000,000 | ---D | M] (RoboForm Lite) -- C:\Documents and Settings\HOME\Application Data\Mozilla\Firefox\Profiles\1broxw2u.default\extensions\[email protected]
[2012/01/30 19:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 13:01:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/01/24 21:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2009/09/05 09:32:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOVE NETWORKS
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/29 17:13:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\HOME\Start Menu\Programs\Startup\naviscope.lnk = C:\Program Files\Naviscope\naviscope.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra Button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra Button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: hma.com ([venice] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: hma-pas.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: hma-pas.com ([paweb] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: logmein.com ([office7-cosmvenice-local-iezcogbouy.app01-13] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: logmein.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: marketwatch.com ([custom] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: usaa.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Domains: wellsfargo.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1547161642-725345543-1003\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260564646609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268607875658 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia.com/common/cab/ikcntrls.cab (Ikonic Menu Control)
O16 - DPF: {F64CF9E2-3F17-424E-9943-1C7C546F0B2E} https://808pacs.hma.org/resultsviewer/ImpaxImageViewer.CAB (Impax Enterprise Image Viewer)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FDD223F-D092-4E09-AA9E-BA0FDCC308AC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F121C38-7506-413F-B4E3-669CBB6FB94E}: DhcpNameServer = 10.0.0.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/27 21:42:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 11:49:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HOME\Desktop\OTL.exe
[2012/02/01 11:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HOME\Desktop\bleeping computer
[2012/01/31 23:10:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/31 19:23:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HOME\Recent
[2012/01/30 22:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/29 17:08:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/29 17:06:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/29 17:06:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/29 17:06:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/29 17:06:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/29 17:06:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/29 16:54:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/29 16:52:47 | 004,393,886 | R--- | C] (Swearware) -- C:\Documents and Settings\HOME\Desktop\ComboFix.exe
[2012/01/24 21:02:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/24 21:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/01/24 12:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HOME\Desktop\New Folder
[2012/01/21 12:10:12 | 000,000,000 | ---D | C] -- C:\New Folder
[2012/01/20 19:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HOME\Desktop\backups
[2012/01/20 19:32:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HOME\Desktop\HijackThis.exe
[2012/01/20 19:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow RegCleaner 2011
[2012/01/20 19:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner 2011
[2012/01/20 19:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HOME\Application Data\TweakNow RegCleaner 2011
[2012/01/20 19:07:51 | 006,192,512 | ---- | C] (TweakNow.com ) -- C:\Documents and Settings\HOME\Desktop\RegCleaner645.exe
[2012/01/20 18:12:08 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HOME\Desktop\RootRepeal.exe
[2012/01/20 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2012/01/20 16:50:40 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/01/20 16:50:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2012/01/20 16:50:12 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2012/01/20 16:49:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2012/01/20 16:49:37 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2012/01/20 16:49:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/01/20 16:49:27 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2012/01/20 16:49:08 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2012/01/20 16:49:00 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/01/20 16:48:30 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2012/01/20 16:48:15 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/01/20 16:48:14 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/01/20 16:47:35 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2012/01/20 16:47:25 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/01/20 16:47:24 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/01/20 16:47:17 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/01/20 16:46:59 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/01/20 16:46:56 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/01/20 16:46:50 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/01/20 16:46:49 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/01/20 16:46:40 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2012/01/20 16:46:39 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2012/01/20 16:46:38 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2012/01/20 16:46:37 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2012/01/20 16:44:42 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2012/01/20 16:44:20 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2012/01/20 16:44:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2012/01/20 16:43:55 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2012/01/20 16:26:25 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2012/01/20 16:26:17 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2012/01/20 16:26:11 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2012/01/20 16:26:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2012/01/20 16:25:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2012/01/20 16:25:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2012/01/20 16:25:39 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2012/01/20 16:25:35 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2012/01/20 16:25:09 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2012/01/20 16:25:08 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2012/01/20 16:25:07 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2012/01/20 16:24:41 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2012/01/20 16:24:37 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/01/20 16:24:35 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2012/01/20 16:21:01 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2012/01/20 16:20:57 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/01/20 16:20:54 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2012/01/20 16:20:29 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/01/20 16:20:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2012/01/20 16:20:17 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2012/01/20 16:20:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/01/20 16:20:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/01/20 16:19:01 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2012/01/20 16:18:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/01/20 16:18:56 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/01/20 16:03:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/01/20 16:03:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/01/17 17:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HOME\Application Data\SUPERAntiSpyware.com
[2012/01/17 17:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/17 17:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/17 17:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/17 17:21:03 | 014,094,616 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\HOME\Desktop\SUPERAntiSpyware.exe
[2012/01/17 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2012/01/17 17:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2012/01/05 18:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HOME\Start Menu\Programs\Olympus DSS Player Pro
[2012/01/05 18:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Olympus DSS Player Pro
[2012/01/05 18:38:52 | 000,196,608 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\WINDOWS\System32\olylistenserver.dll
[2012/01/05 18:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Olympus Shared
[2012/01/05 18:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2009/01/28 08:42:20 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/26 10:38:41 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[2007/04/26 10:38:38 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2007/04/26 10:38:36 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2007/04/12 13:05:06 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2007/04/12 13:03:34 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2007/04/12 12:58:30 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2007/04/12 12:58:24 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2007/04/12 12:57:42 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2007/04/12 12:56:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2007/04/12 12:56:10 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2007/04/12 12:55:32 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2007/04/12 12:52:37 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2007/04/12 12:52:31 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2007/04/12 12:51:37 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll

========== Files - Modified Within 30 Days ==========

[2012/02/01 11:49:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HOME\Desktop\OTL.exe
[2012/02/01 11:20:57 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\HOME\Start Menu\Programs\Startup\naviscope.lnk
[2012/02/01 11:20:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/01 11:20:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 22:41:47 | 004,393,886 | R--- | M] (Swearware) -- C:\Documents and Settings\HOME\Desktop\ComboFix.exe
[2012/01/30 07:53:24 | 011,444,224 | ---- | M] () -- C:\Documents and Settings\HOME\Desktop\TCFOSM (QuickBooks2010 Acct Transfer Jan 30,2012 07 52 AM).QBX
[2012/01/29 17:23:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/29 17:13:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/29 17:03:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/25 11:27:16 | 000,001,952 | -H-- | M] () -- C:\Documents and Settings\HOME\My Documents\Default.rdp
[2012/01/24 20:47:00 | 000,065,244 | ---- | M] () -- C:\Documents and Settings\HOME\My Documents\01242012.reg
[2012/01/24 19:29:01 | 000,613,897 | ---- | M] () -- C:\Documents and Settings\HOME\Desktop\Posting New Topic - BleepingComputer_com.mht
[2012/01/24 17:45:19 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\HOME\Desktop\Error message when you open the properties of a network connection An unexpected error occur - FAQ - ICT - Developer Forum.url
[2012/01/24 16:58:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HOME\defogger_reenable
[2012/01/22 15:07:32 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\HOME\Desktop\Scroogle Scraper.url
[2012/01/20 19:31:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HOME\Desktop\HijackThis.exe
[2012/01/20 19:08:21 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweakNow RegCleaner 2011.lnk
[2012/01/20 19:07:51 | 006,192,512 | ---- | M] (TweakNow.com ) -- C:\Documents and Settings\HOME\Desktop\RegCleaner645.exe
[2012/01/20 18:12:08 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HOME\Desktop\RootRepeal.exe
[2012/01/19 13:19:56 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\HOME\Desktop\Commercial Electronic Office.url
[2012/01/17 17:21:59 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/17 17:21:03 | 014,094,616 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\HOME\Desktop\SUPERAntiSpyware.exe
[2012/01/17 15:46:37 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\HOME\Desktop\Remote Access and Remote Desktop Software for Your Computer LogMeIn.url
[2012/01/15 16:51:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 18:38:38 | 000,000,767 | ---- | M] () -- C:\WINDOWS\Support.ini
[2012/01/05 18:37:36 | 000,196,608 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\WINDOWS\System32\olylistenserver.dll

========== Files Created - No Company Name ==========

[2012/01/31 07:01:20 | 011,444,224 | ---- | C] () -- C:\Documents and Settings\HOME\Desktop\TCFOSM (QuickBooks2010 Acct Transfer Jan 30,2012 07 52 AM).QBX
[2012/01/29 17:08:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/29 17:08:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/29 17:06:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/29 17:06:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/29 17:06:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/29 17:06:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/29 17:06:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/24 20:47:00 | 000,065,244 | ---- | C] () -- C:\Documents and Settings\HOME\My Documents\01242012.reg
[2012/01/24 19:28:57 | 000,613,897 | ---- | C] () -- C:\Documents and Settings\HOME\Desktop\Posting New Topic - BleepingComputer_com.mht
[2012/01/24 17:45:19 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\HOME\Desktop\Error message when you open the properties of a network connection An unexpected error occur - FAQ - ICT - Developer Forum.url
[2012/01/24 16:58:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HOME\defogger_reenable
[2012/01/22 15:07:32 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\HOME\Desktop\Scroogle Scraper.url
[2012/01/20 19:08:21 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweakNow RegCleaner 2011.lnk
[2012/01/20 16:50:38 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/01/17 17:21:59 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/15 16:51:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/20 21:08:44 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\HOME\Application Data\Recorder.ini
[2011/12/18 11:49:14 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/11/11 21:50:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2011/11/11 21:49:32 | 000,000,767 | ---- | C] () -- C:\WINDOWS\Support.ini
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/07/25 19:06:25 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\SuperDClk.ini
[2010/07/25 19:04:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES.dll
[2010/07/25 19:04:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhtw.dll
[2010/07/25 19:04:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhcn.dll
[2010/07/25 19:04:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\supermon.dll
[2010/07/25 19:04:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SMBiosInfo.exe
[2010/07/25 19:04:58 | 000,003,811 | ---- | C] () -- C:\WINDOWS\System32\SuperDOpt.ini
[2010/07/25 19:04:55 | 000,008,087 | ---- | C] () -- C:\WINDOWS\System32\SuperD.ini
[2010/03/14 21:57:49 | 001,107,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/02 19:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/16 13:27:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/19 09:55:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\HOME\Local Settings\Application Data\fusioncache.dat
[2009/09/27 18:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/13 17:31:11 | 000,008,266 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/05/26 15:28:21 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/26 15:28:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/08 12:59:43 | 000,000,932 | ---- | C] () -- C:\WINDOWS\Epsonem.ini
[2009/02/08 12:44:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/02/08 12:44:08 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/02/08 12:44:08 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/02/04 19:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2009/02/04 19:51:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2009/02/04 19:51:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2009/02/04 19:51:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2009/02/02 21:24:00 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2009/01/31 22:45:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/28 23:41:37 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\HOME\Local Settings\Application Data\FASTWiz.html
[2009/01/28 22:09:32 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/28 22:09:32 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2009/01/28 21:42:54 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/28 12:05:56 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/28 11:28:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/28 08:53:25 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/01/28 08:53:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/01/28 08:42:57 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/01/28 08:42:05 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\Sfman.dat
[2009/01/28 08:42:04 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Ac3api.ini
[2009/01/28 08:25:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\sndmail.exe
[2009/01/28 08:25:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SUPERDLL.DLL
[2009/01/28 08:25:59 | 000,014,174 | ---- | C] () -- C:\WINDOWS\System32\drivers\SUPERBMC.SYS
[2009/01/28 08:25:58 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/01/28 08:09:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/27 21:43:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/27 21:39:53 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/27 16:30:14 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/27 16:29:20 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/26 01:20:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2007/03/23 14:44:45 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2007/02/09 13:07:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2007/01/23 18:40:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2006/08/01 00:53:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2005/05/26 01:02:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,442,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,071,674 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[1997/08/01 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/08/01 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/01 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >
Thank you

wwllmm

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:10 AM

Posted 01 February 2012 - 12:37 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 wwllmm

wwllmm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 01 February 2012 - 11:30 PM

Dear Gringo

Computer running about the same as in my previous post. Not getting a lot of redirect issues. No googleleads.g.doubleclick on web sites other than the URL above.
Cannot open Network Connections properties for LAN or 1394. Still cannot open the Bleeping Computer home page in IE.

Here is the log:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HOME\Desktop\bleeping computer\cmd.bat deleted successfully.
C:\Documents and Settings\HOME\Desktop\bleeping computer\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 53524 bytes

User: Administrator.WLM-WLM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1604916 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94384743 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 11444941 bytes

Total Files Cleaned = 103.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.WLM-WLM

User: All Users

User: Default User

User: HOME
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.WLM-WLM

User: All Users

User: Default User

User: HOME
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02012012_222902

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thank you

wwllmm

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,452 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:10 AM

Posted 01 February 2012 - 11:39 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Gringo

#15 wwllmm

wwllmm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 02 February 2012 - 09:29 PM

Dear Gringo,

Here is the log.

Farbar Service Scanner Version: 02-02-2012
Ran by HOME (administrator) on 02-02-2012 at 21:26:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Thank you, wwllmm
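As an added example (not part of the thread and not Farbar's own code), a small Python check that reads a Farbar Service Scanner log in the format shown above and flags what this log actually reports: the firewall disabled by policy, a service whose start type differs from its default, and any file whose MD5 does not match a known-good copy. The sample input is a constructed excerpt built from the posted log, with one "MD5 is not legit" line added so the file-check branch is exercised.

```python
import re

# Constructed excerpt in Farbar Service Scanner format. The firewall, BITS and
# dhcpcsvc.dll lines are copied from the posted log; the afd.sys verdict is
# changed to "not legit" only to exercise the file-check branch.
FSS_SAMPLE = """\
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

File Check:
========
C:\\WINDOWS\\system32\\dhcpcsvc.dll => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\afd.sys => MD5 is not legit
"""

# FSS only prints the EnableFirewall value when a firewall policy key exists,
# so a 0 here means the firewall has been turned off by policy.
FIREWALL_RE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)\s*$', re.M)
# "The start type of <svc> service is set to <actual>. The default start type is <default>."
START_TYPE_RE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.', re.M)
# "<path> => MD5 is legit" or "<path> => MD5 is not legit"
FILE_CHECK_RE = re.compile(r'^(\S.*?) => MD5 is (legit|not legit)\s*$', re.M)


def findings(log_text):
    """Return a list of (severity, message) tuples for the anomalies FSS reports."""
    out = []
    for value in FIREWALL_RE.findall(log_text):
        if value == "0":
            out.append(("high", "Windows Firewall disabled by policy (EnableFirewall=0)"))
    for svc, actual, default in START_TYPE_RE.findall(log_text):
        if actual != default:
            out.append(("medium", f"{svc} start type is {actual}; default is {default}"))
    for path, verdict in FILE_CHECK_RE.findall(log_text):
        if verdict != "legit":
            out.append(("high", f"{path}: MD5 does not match a known-good file"))
    return out


if __name__ == "__main__":
    for severity, message in findings(FSS_SAMPLE):
        print(f"[{severity}] {message}")
```

On the posted log this reports only the firewall policy and the BITS start type; the added afd.sys line shows how a patched networking driver would surface in the same pass.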
